package com.ruanxie.interceptor;


import com.ruanxie.constant.JwtClaimsConstant;
import com.ruanxie.context.BaseContext;
import com.ruanxie.entity.User;
import com.ruanxie.exception.BaseException;
import com.ruanxie.properties.JwtProperties;
import com.ruanxie.utils.JwtUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * jwt令牌校验的拦截器
 */
@Component
@Slf4j
public class JwtTokenUserInterceptor implements HandlerInterceptor {
    @Autowired
    private JwtProperties jwtProperties;


    /**
     * 校验jwt，同时设置当前线程的用户信息
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //判断当前拦截到的是Controller的方法还是其他资源
        if (!(handler instanceof HandlerMethod)) {
            //当前拦截到的不是动态方法，直接放行
            return true;
        }
        //1.从请求头中获取令牌
        String token = request.getHeader(jwtProperties.getAdminTokenName());
        //2.校验令牌
        try{
            log.info("进行jwt令牌校验:{}",token);
            Claims claims = JwtUtil.parseJWT(jwtProperties.getAdminSecretKey(),token);
            log.info("用户信息：{}",claims);
            String role=String.valueOf(claims.get(JwtClaimsConstant.role));
            String accountId=String.valueOf(claims.get(JwtClaimsConstant.accountId));

            //判断请求的url是否为对应的端
            String requestURI=request.getRequestURI();
            User.RoleInfo roleInfo = User.roleMapping.get(role);

            if(roleInfo != null && requestURI.startsWith(roleInfo.getRolePath())){
                //TODO 尝试：优化：所携带的内容
                BaseContext.setCurrentId(accountId);
//                log.info(accountId);
//                log.info(BaseContext.getCurrentId());
                return true;
            }else{
                //不是对应端的请求
                throw new Exception();
            }

        }catch (Exception ex){
            //4.不通过，响应401状态码，表示没有权限
            response.setStatus(401);
            return false;
        }

    }
}
